services:
  libremdb:
    container_name: libremdb
    image: git.ngn.tf/ngn/libremdb
    ports:
    - 80:3000
    env_file: .env.example
    depends_on:
    - libremdb_redis
    tmpfs:
    - /opt/app/.next/cache/:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
    security_opt:
    - no-new-privileges:true
    cap_drop:
     - ALL
    user: 65534:65534 # equivalent to the nobody user
    read_only: true
    restart: unless-stopped

  libremdb_redis:
    container_name: libremdb_redis
    image: redis
    user: nobody
    tmpfs:
    - /data:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
    security_opt:
    - no-new-privileges:true
    cap_drop:
    - ALL
    read_only: true
    restart: unless-stopped